CVE-2024-13725

9.8 CRITICAL

📋 TL;DR

The Keap Official Opt-in Forms WordPress plugin has a Local File Inclusion vulnerability that allows unauthenticated attackers to include PHP files already present on the server. This can lead to arbitrary code execution, access control bypass, and data theft. All WordPress sites running version 2.0.1 or earlier of this plugin are affected.

💻 Affected Systems

Products:
  • Keap Official Opt-in Forms WordPress plugin
Versions: All versions up to and including 2.0.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Risk increases if register_argc_argv is enabled and pearcmd.php is installed, potentially enabling remote code execution.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete server compromise, data exfiltration, and persistent backdoor installation.

🟠 Likely Case

Unauthenticated attackers executing arbitrary PHP code, potentially gaining administrative access to the WordPress site.

🟢 If Mitigated

Limited impact if proper file permissions, web application firewalls, and input validation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted requests to the vulnerable endpoint with the service parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.2 or later

Vendor Advisory: https://wordpress.org/plugins/infusionsoft-official-opt-in-forms/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find Keap Official Opt-in Forms.
4. Click Update Now.
5. Verify that the installed version is 2.0.2 or higher.

🔧 Temporary Workarounds

Disable plugin (scope: all)

Temporarily disable the vulnerable plugin until it can be patched:

wp plugin deactivate infusionsoft-official-opt-in-forms

Web Application Firewall rule (scope: all)

Block requests containing suspicious service parameter values.

🧯 If You Can't Patch

  • Implement strict file permissions to prevent PHP file uploads
  • Deploy a web application firewall with LFI protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Keap Official Opt-in Forms for version number

Check Version:

wp plugin get infusionsoft-official-opt-in-forms --field=version

Verify Fix Applied:

Confirm plugin version is 2.0.2 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests whose service parameter contains path traversal sequences (../), including URL-encoded forms
  • Unusual file access patterns in web server logs

Network Indicators:

  • Requests to /wp-content/plugins/infusionsoft-official-opt-in-forms/ with crafted service parameter

SIEM Query:

source="web_server_logs" AND uri="*infusionsoft-official-opt-in-forms*" AND query="*service=*"
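The log and network indicators above can be turned into a small scanner for access logs. This is an added example, not part of the advisory or the plugin; the log lines are constructed, and the endpoint filename (`placeholder.php`) is a placeholder because the advisory names only the plugin directory and the `service` parameter.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

PLUGIN_DIR = "/wp-content/plugins/infusionsoft-official-opt-in-forms/"
# Request field of a combined-format log line: "METHOD URI HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded '..%252F' is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_service_values(uri: str) -> list[str]:
    """Decoded `service` values under the plugin path that carry LFI indicators."""
    parsed = urlparse(uri)
    if not parsed.path.startswith(PLUGIN_DIR):
        return []
    hits = []
    for raw in parse_qs(parsed.query, keep_blank_values=True).get("service", []):
        value = decode_fully(raw).replace("\\", "/")
        # Indicators named in the advisory: traversal sequences and pearcmd.php
        if "../" in value or "pearcmd" in value.lower():
            hits.append(value)
    return hits


def scan_log(lines: list[str]) -> list[tuple[str, str, list[str]]]:
    """Return (client_ip, uri, flagged_values) for every matching log line."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and (hits := suspicious_service_values(m.group("uri"))):
            findings.append((line.split()[0], m.group("uri"), hits))
    return findings


# Constructed sample lines (not real traffic); the endpoint name is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-content/plugins/infusionsoft-official-opt-in-forms/placeholder.php?service=newsletter HTTP/1.1" 200 512',
    '203.0.113.6 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-content/plugins/infusionsoft-official-opt-in-forms/placeholder.php?service=..%2F..%2F..%2Fexample HTTP/1.1" 200 88',
    '203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /wp-content/plugins/infusionsoft-official-opt-in-forms/placeholder.php?service=%252e%252e%252fpearcmd HTTP/1.1" 200 88',
    '203.0.113.8 - - [10/Jan/2025:10:00:04 +0000] "GET /index.php?service=../x HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, uri, hits in scan_log(SAMPLE_LOG):
        print(f"ALERT {ip} {uri} -> {hits}")
```

The last sample line is deliberately left unflagged: a traversal string in a `service` parameter outside the plugin directory is not this CVE and would otherwise add noise to the alert.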
